From: Victor Julien
Date: Mon, 17 Oct 2016 12:17:55 +0000 (+0200)
Subject: detect: reorganize id's in prep of dynamic lists
X-Git-Tag: suricata-4.0.0-beta1~404
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4978a7a13366fab069fbc6b5135778e7d88cc6f8;p=thirdparty%2Fsuricata.git

detect: reorganize id's in prep of dynamic lists
---
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index 2c2d3e4c84..92aee2c267 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -554,7 +554,7 @@ void RetrieveFPForSig(Signature *s)
 /* inspect rule to see if we have the fast_pattern reg to
 * force using a sig, otherwise keep stats about the patterns */
- for (list_id = 0; list_id < DETECT_SM_LIST_DETECT_MAX; list_id++) {
+ for (list_id = 0; list_id < DETECT_SM_LIST_MAX; list_id++) {
 if (s->init_data->smlists[list_id] == NULL)
 continue;
@@ -595,7 +595,7 @@ void RetrieveFPForSig(Signature *s)
 return;
 }
- int final_sm_list[DETECT_SM_LIST_DETECT_MAX] = { 0 };
+ int final_sm_list[DETECT_SM_LIST_MAX] = { 0 };
 int count_final_sm_list = 0;
 int priority;
diff --git a/src/detect-parse.c b/src/detect-parse.c
index 48f34de400..b68cbf924d 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1466,7 +1466,15 @@ int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
 if (s->init_data->smlists[DETECT_SM_LIST_BASE64_DATA] != NULL) {
 int list;
 uint16_t idx = s->init_data->smlists[DETECT_SM_LIST_BASE64_DATA]->idx;
- for (list = 0; list < DETECT_SM_LIST_DETECT_MAX; list++) {
+ for (list = 0; list < DETECT_SM_LIST_MAX; list++) {
+ if (list == DETECT_SM_LIST_POSTMATCH ||
+ list == DETECT_SM_LIST_TMATCH ||
+ list == DETECT_SM_LIST_SUPPRESS ||
+ list == DETECT_SM_LIST_THRESHOLD)
+ {
+ continue;
+ }
+
 if (list != DETECT_SM_LIST_BASE64_DATA &&
 s->init_data->smlists[list] != NULL) {
 if (s->init_data->smlists[list]->idx > idx) {
diff --git a/src/detect.c b/src/detect.c
index 83df2f2815..97e286e134 100644
--- a/src/detect.c
+++ b/src/detect.c
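Review bot: In RetrieveFPForSig (src/detect-engine-mpm.c, hunk at -554) the loop now runs to `DETECT_SM_LIST_MAX` with no skip, so it also walks the POSTMATCH, TMATCH, SUPPRESS and THRESHOLD lists that the old `DETECT_SM_LIST_DETECT_MAX` bound kept out. The same applies to both loops changed in SigAddressPrepareStage1 in src/detect.c, while SigValidate in this same commit does skip those four lists. The loop bodies continue outside the hunks, so whether a post-detection keyword can be picked up as a fast_pattern or prefilter candidate is not visible here, but a wrong pick would change which rules are prefiltered and therefore what the engine alerts on. Either repeat the guard at the top of each loop, e.g. `if (list_id == DETECT_SM_LIST_POSTMATCH || list_id == DETECT_SM_LIST_TMATCH || list_id == DETECT_SM_LIST_SUPPRESS || list_id == DETECT_SM_LIST_THRESHOLD) continue;`, or add a comment such as `/* post-detection lists are deliberately included here */` so the difference from SigValidate is recorded.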
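Review bot: The skip added to SigValidate (src/detect-parse.c, hunk at -1466) spells out the four post-detection lists by name and has no comment saying why they are exempt from the base64_data ordering check, so a post-detection list added later would silently take part in the comparison. Keeping the set in one named predicate next to the enum would give a single place to update and could be reused by the other loops over `smlists`; the helper name below is only a proposal. The enclosing `if` and the body of the `for` continue outside the hunk.

```c
/* Proposed helper: lists that run after detection (post-match actions,
 * tagging, suppression, thresholding). */
static inline int SigMatchListIsPostDetect(const int list)
{
    return list == DETECT_SM_LIST_POSTMATCH ||
           list == DETECT_SM_LIST_TMATCH ||
           list == DETECT_SM_LIST_SUPPRESS ||
           list == DETECT_SM_LIST_THRESHOLD;
}

        for (list = 0; list < DETECT_SM_LIST_MAX; list++) {
            if (SigMatchListIsPostDetect(list))
                continue;
            /* … unchanged: idx comparison against the base64_data list … */
```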
@@ -3452,7 +3452,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
 int prefilter_list = DETECT_TBLSIZE;
 /* get the keyword supporting prefilter with the lowest type */
- for (i = 0; i < DETECT_SM_LIST_DETECT_MAX; i++) {
+ for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
 SigMatch *sm = tmp_s->init_data->smlists[i];
 while (sm != NULL) {
 if (sigmatch_table[sm->type].SupportsPrefilter != NULL) {
@@ -3466,7 +3466,7 @@ int SigAddressPrepareStage1(DetectEngineCtx *de_ctx)
 /* apply that keyword as prefilter */
 if (prefilter_list != DETECT_TBLSIZE) {
- for (i = 0; i < DETECT_SM_LIST_DETECT_MAX; i++) {
+ for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
 SigMatch *sm = tmp_s->init_data->smlists[i];
 while (sm != NULL) {
 if (sm->type == prefilter_list) {
diff --git a/src/detect.h b/src/detect.h
index 74efc8f847..c7ab2abf07 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -87,8 +87,31 @@ struct SCSigSignatureWrapper_;
 enum DetectSigmatchListEnum {
 DETECT_SM_LIST_MATCH = 0,
 DETECT_SM_LIST_PMATCH,
+
+ /* list for per flow matches. Deprecated. */
+ DETECT_SM_LIST_AMATCH,
+
+ /* list for DCE matches */
+ DETECT_SM_LIST_DMATCH,
+
+ /* base64_data keyword uses some hardcoded logic so consider
+ * built-in
+ * TODO convert to inspect engine */
+ DETECT_SM_LIST_BASE64_DATA,
+
+ /* list for post match actions: flowbit set, flowint increment, etc */
+ DETECT_SM_LIST_POSTMATCH,
+
+ DETECT_SM_LIST_TMATCH, /**< post-detection tagging */
+
+ /* lists for alert thresholding and suppression */
+ DETECT_SM_LIST_SUPPRESS,
+ DETECT_SM_LIST_THRESHOLD,
+
+ DETECT_SM_LIST_BUILTIN_MAX,
+
 /* list for http_uri keyword and the ones relative to it */
- DETECT_SM_LIST_UMATCH,
+ DETECT_SM_LIST_UMATCH = DETECT_SM_LIST_BUILTIN_MAX,
 /* list for http_raw_uri keyword and the ones relative to it */
 DETECT_SM_LIST_HRUDMATCH,
 /* list for http_client_body keyword and the ones relative to it */
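Review bot: `DETECT_SM_LIST_BUILTIN_MAX` in src/detect.h is added without a comment, and the next entry aliases it (`DETECT_SM_LIST_UMATCH = DETECT_SM_LIST_BUILTIN_MAX`), so the new boundary is undocumented while the demarcation comment on `DETECT_SM_LIST_DETECT_MAX` is removed further down in this file. After the move the post-match, tag, suppress and threshold ids are numerically lower than the buffer lists, so any code outside this diff that still tells detection lists from post-detection lists by id order would change meaning without a compile error. I would add above the new enumerator `/* end of the built-in lists; ids from here on are buffer lists, and id order no longer separates detection from post-detection lists */`. The enum continues outside the hunk.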
@@ -120,9 +143,6 @@ enum DetectSigmatchListEnum {
 /* app event engine sm list */
 DETECT_SM_LIST_APP_EVENT,
- DETECT_SM_LIST_AMATCH,
- DETECT_SM_LIST_DMATCH,
-
 DETECT_SM_LIST_FILEMATCH,
 DETECT_SM_LIST_DNSREQUEST_MATCH, /**< per DNS query tx match list */
@@ -139,25 +159,11 @@ enum DetectSigmatchListEnum {
 DETECT_SM_LIST_CIP_MATCH,
 DETECT_SM_LIST_ENIP_MATCH,
- DETECT_SM_LIST_BASE64_DATA,
-
 DETECT_SM_LIST_DNP3_DATA_MATCH,
 DETECT_SM_LIST_DNP3_MATCH,
 DETECT_SM_LIST_TEMPLATE_BUFFER_MATCH,
- /* Demarcation between detection and post-detection lists. All
- * detection lists must come before this. */
- DETECT_SM_LIST_DETECT_MAX,
-
- /* list for post match actions: flowbit set, flowint increment, etc */
- DETECT_SM_LIST_POSTMATCH = DETECT_SM_LIST_DETECT_MAX,
-
- DETECT_SM_LIST_TMATCH, /**< post-detection tagging */
-
- /* lists for alert thresholding and suppression */
- DETECT_SM_LIST_SUPPRESS,
- DETECT_SM_LIST_THRESHOLD,
 DETECT_SM_LIST_MAX,
 /* used for Signature->list, which indicates which list